Skip to main content

Shibboleth for Federated Authentication and Authorization

Shibboleth is the only authentication method Northwestern Information Technology (IT) officially supports for NetID-based authentication to applications/web sites hosted outside of the University. External partners must join the InCommon federation in addition to implementing the Shibboleth Service Provider (SP) software. Vendors/partners may also choose to implement a compatible commercial package that supports SAML-based federation.

The Shibboleth federated authentication and authorization system is designed to allow Northwestern University faculty, staff and students to login to externally-hosted systems with their NU NetIDs. Schools and departments should consider using Shibboleth when they are licensing an application that will be hosted at a vendor's web site. Many government and research-oriented web sites also use Shibboleth authentication.

In addition to authentication, Shibboleth can also pass user attribute data to the external application.These attributes are used by the external application to discriminate between different types of users (e.g., students vs. faculty) and automate the process of building a local profile (e.g., name, email address). Any release of data must be approved by the University department responsible for that data - generally Human Resources (faculty/staff data) or the Office of the Registrar (student data).

Last Updated: 28 March 2017

Get Help Back to top